The purpose of this policy is to ensure that any user who has access to the University of the Pacific's information technology-based resources understands Pacific's applicable information security policies and a verified understanding of information security awareness.
This policy applies to all University of the Pacific employees, contractors, and volunteers, including faculty, staff, coaches, administrators, students and temporary employees who have access to Pacific's information technology based resources.
Individuals must understand the risks in using today's technology and how to effectively defend against today's cyber threats, both at work and at home. The primary purpose of an effective information security education and awareness program is to establish and sustain an appropriate level of protection for data and technology resources by increasing users' awareness of their information security responsibilities. Specific objectives of this program include:
All University of the Pacific employees, contractors, and volunteers, including faculty, staff, coaches, administrators, students and temporary employees must complete information security awareness education and training with respect to Pacific's information security policies upon hire in concert with other training required by the University. All employees, contractors and volunteers with access to Payment Card Industry (PCI), Health Insurance Portability and Accountability Act 1996 (HIPAA), or other specified categories of regulated data will receive annual training to meet regulatory requirements. All employees, contractors, and volunteers without access to specified data categories will receive bi-annual training. Pacific will maintain records, as it deems appropriate, that confirm a user has received training. Training may be delivered in person or online. In addition to annual training, reinforcement training such as newsletters, email messages, digital signage, posters, webcasts and other means will be used on campus. The Information Security Education and Awareness program may also include unscheduled awareness assessments to ensure compliance with the policy.
It is the responsibility of each User to understand their privileges and responsibilities under Information Technology Policies and to act accordingly.
Users failing to abide by these policies may be subject to corrective action up to and including, dismissal, expulsion, and/or legal action by the University. While technical corrective action, including limiting user activity or removing information, may be taken in emergency situations by authorized Information Technology staff, other corrective action, technical and/or non-technical, will be taken in accord with applicable University policies and procedures.
Contact IT Security